a member of Group Elephant

beyond corporate purpose

Evolutio and EPI-USE Labs, both groupelephant.com businesses, help organizations understand the Log4Shell vulnerability and take appropriate mitigating and remedial steps

RSVP NowRSVP Now
December 23, 2021
1:00 PM (EST)
December 23, 2021
1:00 PM (EST)

Enterprises from across the globe have sought quick assistance, particularly those with complex IT environments leveraging SAP software, Cisco AppDynamics monitoring, and needing to address vulnerable enterprise applications.

CHICAGO, IL | December 23rd, 2021

Specialists from Evolutio and EPI-USE Labs are assisting organizations with guidance, identification, and mitigation of the vulnerability in the Log4j framework, now colloquially referred to as Log4Shell. It has been at the top of the to-do list for enterprise IT and Security teams as the 2021 calendar year ends.

Devin Stonecypher, Director of Security at Evolutio, explains the threat in the following way, “There are three factors that make Log4Shell so dangerous. First, the vulnerable library log4j is widely deployed. Secondly, the vulnerability is shockingly easy to exploit. Third, exploiting gives attackers the ability to run arbitrary code remotely on compromised systems."

On December 9th 2021, the critical zero-day vulnerability in the Apache Log4j framework was disclosed publicly, denoted in the Common Vulnerabilities and Exposures (CVE) catalog as CVE-2021-44228. The Apache Software Foundation assigned it a Common Vulnerability Scoring System (CVSS) rating of 10, the highest possible score.

Organizations might be exposed without even realizing it, since the Log4j library is prevalent in numerous frameworks, tools, and runtime environments. A vulnerable application might even allow access to other unrelated applications and data stores.

Stonecypher has been maintaining a hopeful outlook with enterprise clients, while educating them on the fundamentals when they need it. “Hidden deep inside all applications are code libraries that the application developer did not write, and that they did not personally vet. These libraries are little (sometimes not-so-little) bundles of pre-written code that perform a specific function or set of functions. Log4Shell has similarities to the SolarWinds vulnerability, as both are Software Supply Chain Vulnerabilities. The vulnerability that led to the SolarWinds incident was a malicious inclusion (an attack) in a library, and the Log4Shell vulnerability is currently believed to be an accidental inclusion in the Log4j library. But both are vulnerabilities in the software supply chain,” said Stonecypher.

Jaco Prinsloo, Principal at EPI-USE Labs and a strategic partner of Evolutio, said “SAP, AppDynamics, and most other software vendors have been issuing security advisories, detailing which products are affected and how. We've seen some clients respond well to these security advisories, with strong in-house experts that can implement the mitigations and ensure the vulnerabilities are truly patched. Yet some clients have been struggling, and patently need help to effectively mitigate these vulnerabilities.”

Prinsloo goes on to say that “certain clients that we've been talking to were surprised by the extent of this vulnerability. They understand that some of their products run on Java, but didn't realize just how many. SAP, for example, makes extensive use of Java for a number of their services and products.”

Evolutio’s CEO Adam Ties said “immediately when the news broke, our clients began feeling the pain, which intensified throughout the weekend. Because of our ability to help with solutions and guidance we prioritized our response, given the significant risk of highly-adverse implications arising from this security event.”

Evolutio and EPI-USE Labs are providing advisory calls with their specialists, to validate that organizations are addressing the vulnerabilities correctly. They have offered automated scanning and modern tooling to find vulnerable applications, with particular emphasis on IT environments that have SAP software or Cisco AppDynamics monitoring in place. The two organizations have offered assistance with the actual mitigation, especially in more complex scenarios. And lastly, Evolutio and EPI-USE Labs can provide advice on how to safeguard systems going forward, including suggestions on tooling and risk management.

ABOUT EVOLUTIO (https://www.evolutiops.com):

Evolutio specializes in helping organizations solve the operational challenges of building and scaling complex enterprise applications, bringing simplicity and governance to the chaos through four practice areas: Observability, Automation, Security, and Data Science. Their professional services deploy and optimize proven technologies to maximize revenue, grow brand loyalty, and deliver a premium digital experience.

ABOUT EPI-USE LABS (https://www.epiuselabs.com):

EPI-USE Labs provides software and services to enhance the performance, security, and management of their clients’ SAP® systems. Their software, value-added solutions and managed services create better, more powerful and secure systems for more than 1,000 organizations using SAP, worldwide.

Presenter

Author

Aaron Abodeely
Director of Corporate Strategy

Aaron has marketed Information Technology for fifteen years. He's held roles in partner marketing, community management, and field marketing. His experience managing large technical community-building initiatives and product roll-outs makes him savvy at bridging the divide between technology, advisory, service delivery, and marketing.

Prior to joining Evolutio in 2021, in 2018 he founded a self-employed consultancy and podcast, focused on the IT Channel by delivering Sales and Marketing services to OEMs, distributors, and IT solution providers. Aaron is also the Outcome Studio Podcast host, growing his audience to thousands of downloads and hundreds of thousands of video views on LinkedIn.

Aaron is applying the skills of developing a brand for a services company to Evolutio's practice areas. He works side-by-side with practice area leaders in Observability, Automation, Data Science, and Security to tell stories about how Evolutio is helping organizations build, scale, and secure enterprise applications.

Ready to see what we can do for your organization?

Contact Us
Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy and Cookie Policy for more information.